[5370] in bugtraq
Re: L0pht Advisory: IMAP4rev1 imapd server
daemon@ATHENA.MIT.EDU (Marc Slemko)
Thu Oct 9 01:41:43 1997
Date: Wed, 8 Oct 1997 17:45:05 -0600
Reply-To: Marc Slemko <marcs@ZNEP.COM>
From: Marc Slemko <marcs@ZNEP.COM>
X-To: "We got Food - Fuel - Ice-cold Beer - and X.509 certificates"
<mudge@L0PHT.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.LNX.3.95.971008181433.21911B-100000@l0pht.com>
On Wed, 8 Oct 1997, We got Food - Fuel - Ice-cold Beer - and X.509 certificates wrote:
> Scenario:
>
> It is possible to crash the imapd server in several possible places.
> Due to the lack of handling for the SIGABRT signal and the nature
> of the IMAP protocol in storing folders locally on the server, a core dump
> is produced in the user's current directory. This core dump contains the
> password and shadow password files from the system.
It should be noted that this only works on systems that allow a
process that has changed UIDs since the last exec to core dump.
Some, such as FreeBSD (and OpenBSD I would guess, and a dozen
others), don't for exactly this reason. The same thing came
up with ftpd a while back.
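
On systems that do allow such a process to dump core, a daemon can refuse the dump itself. The following is an added example, not code from this post or from imapd: the helper names `disable_core_dumps` and `core_dumps_disabled` are hypothetical, and the `prctl` calls assume Linux.

```c
/* Added example: stop a credential-handling daemon from writing a core file. */
#include <stdio.h>
#include <sys/resource.h>
#ifdef __linux__
#include <sys/prctl.h>
#endif

/* Hypothetical helper. Call it after the final UID change: on Linux the
 * dumpable flag is reset to the value of fs.suid_dumpable when the
 * effective UID changes. Returns 0 on success, -1 on failure. */
int disable_core_dumps(void)
{
    /* Soft and hard limit 0: an unprivileged process cannot raise it again. */
    struct rlimit rl = { 0, 0 };

    if (setrlimit(RLIMIT_CORE, &rl) != 0)
        return -1;
#ifdef __linux__
    /* Clear the dumpable flag as well, independent of the size limit. */
    if (prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) != 0)
        return -1;
#endif
    return 0;
}

/* Hypothetical check: 1 = dumps are off, 0 = still possible, -1 = error. */
int core_dumps_disabled(void)
{
    struct rlimit rl;

    if (getrlimit(RLIMIT_CORE, &rl) != 0)
        return -1;
    if (rl.rlim_cur != 0 || rl.rlim_max != 0)
        return 0;
#ifdef __linux__
    if (prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) != 0)
        return 0;
#endif
    return 1;
}

int main(void)
{
    if (disable_core_dumps() != 0) {
        perror("disable_core_dumps");
        return 1;
    }
    printf("core dumps disabled: %d\n", core_dumps_disabled());
    return 0;
}
```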